David Cameron’s insistence that British spies should have the power to break into encrypted communications could scarcely have come at a more sensitive time. The British prime minister reacted quickly to the slaughter of journalists at French satirical magazine Charlie Hebdo, demanding that social media co-operate with GCHQ in future.
Yet his comments have not been greeted warmly by many in cybersecurity. Here are three of the main reasons below.
1. Strong encryption is too readily available
Governments have long been hostile to the free availability of strong encryption on the internet, with the US already imposing restrictions on the export of strong cryptography to foreign climes (and idea rendered somewhat absurd by global connectivity).
As Richard Moulds, VP of strategy at Thales e-Security put it: "The genie is already out of the bottle, so making changes now won’t have much effect if the bad guys can already get their hands on strong encryption for free."
He added that governments could try to demand that people register their encryption keys or limit their size, but labelled it impractical. "At some point governments have to accept that encrypted communications can’t reliably be broken, and that lawful interception will become less useful over time. Other intelligence gathering techniques will need to be developed."
2. Backdoors will not only be accessed by ‘good guys’
Installing backdoors in products that will let spooks snoop on communications has been mooted as an idea by Cameron, who said he would not allow communications that his government could not read to exist.
"Mr. Cameron is trying to convince the world that some fantasy version of security is possible — where ‘good guys’ can have a back door or extra key to your home but bad guys could never use it," said Wael Aggan, chief executive of CloudMask, a security vendor. "Anyone with even a basic understanding of security can tell you that’s just not true."
"The issue is much bigger than secure emails and chats, it is about the safety of our society and the lives of our citizens," he added. "Just imagine removing encryption for controllers of our infrastructure. Mr. Cameron’s proposal is a disaster for all of us."
3. It would clash with European data regulation
Cameron’s policy looks to be set on a collision course with certain interpretations of the European Convention of Human Rights (ECHR), which guarantees a right to privacy, albeit with some national security exemptions. Whether his current plans would be challenged in court is still unclear, but it may be fatal to them.
"This policy would put the UK out of touch with EU Data Privacy regulation that is leaning towards providing citizens with greater protection and control over their own information," said Cameron Burke, SVP at Cirius Messaging, adding that the prime minister’s actions may unsettle finance as well.
"At the end of the day, this is a pointless exercise as those parties who are the targets of government surveillance, such as terrorist cells and criminal organizations, would have no qualms about using ‘illegal’ encryption solutions."